July 26 is the deadline to comment on new draft guidelines to help organisations stay on the right side of privacy laws as they delve into the big opportunities of big data analytics.
The Office of the Australian Information Commissioner says the new handbook aims to help organisations deliver the “enormous social and economic benefits” that are possible through big data analytics, while respecting the current Australian Privacy Principles.
It’s one of defining issues of the digital revolution. What is generally accepted as an individual’s right to privacy is being steadily eroded, as most people accept the assurances of companies and government agencies that their personal information is safe.
At the same time, the quantity of data collected about various aspects of life through computerised systems increases rapidly all the time and techniques to analyse it improve constantly. The risks — from cyber attacks and unethical behaviour by those hoarding this information — rise in parallel.
But there is also pushback, as the Australian Bureau of Statistics has found with its move to retain personal information from this year’s Census, which has led to calls for a boycott amid simmering resentment and distrust that has not gone away.
The OAIC’s new guide covers all the issues that have people riled up about the changes to the Census, which went through almost unnoticed shortly before the Christmas holidays.
The guide explains that “personal information may be de-identified so that the information is no longer about an identifiable individual or an individual who is reasonably identifiable”, which means it no longer counts as personal information and the Privacy Act doesn’t apply. But it also notes that “the risk of re-identification” — which is a lot harder to completely prevent than one might imagine — always has to be considered.
There is also a note on Privacy Impact Assessments — “practical tools which facilitate ‘privacy by design’ because they encourage entities to develop projects with privacy designed into the project, rather than being bolted on afterwards” — which allow organisations to inform stakeholders about their new big data plans and how they will manage the risks.
The ABS was criticised for how it carried out its PIA process for the Census changes, due to the timing and, for whatever reason, the fact that very few people and organisations were aware of its existence.
The guide clearly points to specific compliance risks related to big data activities, and offers simple tips on how to avoid them, referring constantly back to each of the Australian Privacy Principles:
“Risk point: Research shows many people don’t read privacy notices.
“Privacy tip: Entities should use privacy impact assessments to inform what information to include in their notices and then provide it in easy to read, dynamic and user centric ways.”
The concept of ‘privacy by design’ is also strongly encouraged:
“Embedding ‘privacy by design’ will lead to a trickle down effect where privacy is considered automatically by the entity, resulting in better overall privacy practice and compliance.”
The possibilities of big data as the technology improves are indeed mind-boggling and it is exciting to explore the new insights it can offer. Back in the 1940s, science fiction author Isaac Asimov was way out-there when he imagined scientists forecasting and guiding the future of large societies through advanced mathematical analysis of large amounts of information, but it doesn’t sound so far fetched today.
With such exciting developments, it’s important not to get carried away. As government agencies gingerly explore the possibilities of big data, linking up their databases and spruiking the benefits, the responsibility to keep our private lives private must be taken seriously.